Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 --------------------------------------------------------------------------
   Turbolinux Security Advisory TLSA-2006-6
   http://www.turbolinux.co.jp/security/
                                             security-team@turbolinux.co.jp
 --------------------------------------------------------------------------

 Original released date: 28 Mar 2006
 Last revised: 28 Mar 2006

 Package: php

 Summary: Multiple vulnerabilities in php

 More information:
    PHP is an HTML-embedded scripting language.
    Multiple vulnerabilities in PHP allow remote attackers to bypass safe_mode and open_basedir
restrictions via unknown attack vectors in ext/curl and ext/gd.

 Impact:
    The vulnerabilities may allow remote attackers to bypass access control rules.

 Affected Products:
    - Turbolinux Appliance Server 2.0
    - Turbolinux 10 Server x64 Edition
    - Turbolinux Appliance Server 1.0 Hosting Edition
    - Turbolinux Appliance Server 1.0 Workgroup Edition
    - Turbolinux 10 Server
    - Turbolinux Home
    - Turbolinux 10 F...
    - Turbolinux 10 Desktop
    - Turbolinux Multimedia
    - Turbolinux Personal
    - Turbolinux 8 Server
    - Turbolinux 8 Workstation
    - Turbolinux 7 Server


 <Turbolinux Appliance Server 2.0>

   Source Packages
   Size: MD5

   php4-4.3.8-18.src.rpm
     12308587 fbc265628736c1fc0d1b99c343ab4fb5

   Binary Packages
   Size: MD5

   php4-4.3.8-18.i586.rpm
      5138689 dc884cf114c48ce369fc54818780fbec
   php4-gd-4.3.8-18.i586.rpm
        46283 13bc7c75b375fee36c70226fbd123268
   php4-imap-4.3.8-18.i586.rpm
        11500 e2f859fe8cdcc98f15a84dac9c482ec4
   php4-ldap-4.3.8-18.i586.rpm
        35171 af4256d6146870166d101feb19f78012
   php4-ming-4.3.8-18.i586.rpm
        46244 761ea75368c3e300632034e9593feeb4
   php4-mysql-4.3.8-18.i586.rpm
       120593 26d3c55d81666a5bf7cfd4debbc09087
   php4-pgsql-4.3.8-18.i586.rpm
        69588 3cdfc4eb28ed28135b5921d3f1befce5

 <Turbolinux 10 Server x64 Edition> 

   Source Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/10/updates/SRPMS/php4-4.3.9-8.src.rpm
     12357045 fc0dbdc38fdd5ddf6aaddceab8cf0292

   Binary Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/10/updates/RPMS/php4-4.3.9-8.x86_64.rpm
      5474612 202b5dfc466205e337b2ccb8067551bc
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/10/updates/RPMS/php4-debug-4.3.9-8.x86_64.rpm
      6585745 b362f06f90950ec2119f0a3c336310ae
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/10/updates/RPMS/php4-gd-4.3.9-8.x86_64.rpm
        50223 2be7ca3a0ec1e083bceec531e3bf8418
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/10/updates/RPMS/php4-imap-4.3.9-8.x86_64.rpm
        10584 9ee2b1d2dc1d4da140fe028c4900631e
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/10/updates/RPMS/php4-ldap-4.3.9-8.x86_64.rpm
        38390 75b1faff36f435c9d3e1660d8fc0fb2e
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/10/updates/RPMS/php4-manual-4.3.9-8.x86_64.rpm
      7501419 f504564a841f292b3bff3e552a4ba1a9
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/10/updates/RPMS/php4-ming-4.3.9-8.x86_64.rpm
        50532 877b2cae7841aaed49195f30e597adb2
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/10/updates/RPMS/php4-mysql-4.3.9-8.x86_64.rpm
       133830 2db4bda773ce8a36741081d6f1543ad0
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/10/updates/RPMS/php4-pgsql-4.3.9-8.x86_64.rpm
        75447 06ad8b870f4d236108aa4a6593747520

 <Turbolinux Appliance Server 1.0 Hosting Edition>

   Source Packages
   Size: MD5

   php-4.2.3-28.src.rpm
      3601908 5ae23da47dbc92aae2fbed2903ad4bd4

   Binary Packages
   Size: MD5

   php-4.2.3-28.i586.rpm
      1632841 e94745c997e6b716c3bf2547a00d812f
   php-gd-4.2.3-28.i586.rpm
        31727 07d4dfebff621801b6aee9c1a8825c38
   php-imap-4.2.3-28.i586.rpm
         9562 3b6d016828dcfcaff17fb3e3a29804d8
   php-ldap-4.2.3-28.i586.rpm
        25014 86ad01ccc68e0138fd989e9853582d71
   php-manual-4.2.3-28.i586.rpm
       342062 e263f2dc2ea2d79d1c9beaf8e97d7f03
   php-ming-4.2.3-28.i586.rpm
        33625 44de5a6fa78e106e7384041223dfdb52
   php-mysql-4.2.3-28.i586.rpm
        91171 656ca9512297fa58eff67225ab5016c1
   php-pgsql-4.2.3-28.i586.rpm
        35817 8eb882de484f153949ebf5055639c76c

 <Turbolinux Appliance Server 1.0 Workgroup Edition>

   Source Packages
   Size: MD5

   php-4.2.3-28.src.rpm
      3601908 d446b1d9c1687cfb9b767dc57080921a

   Binary Packages
   Size: MD5

   php-4.2.3-28.i586.rpm
      1633394 26409949058248454ca977eb067b692c
   php-gd-4.2.3-28.i586.rpm
        31873 ecfbd85d9effd0cd0019f98a16173c45
   php-imap-4.2.3-28.i586.rpm
         9703 6efaa04f16874232d0ce8a917b9ea446
   php-ldap-4.2.3-28.i586.rpm
        25155 a0444235f71a63a39f25ac74f5c6e94e
   php-manual-4.2.3-28.i586.rpm
       342187 937dcbaab1a9550616a00f0bb7e6ff49
   php-ming-4.2.3-28.i586.rpm
        33746 6020bd84dc24f601a1b6ffe52f51b6ee
   php-mysql-4.2.3-28.i586.rpm
        91361 09c47fc364f4cc55bdbc0bed0ff3a6ac
   php-pgsql-4.2.3-28.i586.rpm
        35981 d3a5636f2967a0e3b30b41aff6e40a11

 <Turbolinux 10 Server>

   Source Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/SRPMS/php4-4.3.8-18.src.rpm
     12308587 fbc265628736c1fc0d1b99c343ab4fb5

   Binary Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/RPMS/php4-4.3.8-18.i586.rpm
      5138689 dc884cf114c48ce369fc54818780fbec
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/RPMS/php4-debug-4.3.8-18.i586.rpm
      6520150 7c47b5d5560e73f699911662b8389131
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/RPMS/php4-gd-4.3.8-18.i586.rpm
        46283 13bc7c75b375fee36c70226fbd123268
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/RPMS/php4-imap-4.3.8-18.i586.rpm
        11500 e2f859fe8cdcc98f15a84dac9c482ec4
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/RPMS/php4-ldap-4.3.8-18.i586.rpm
        35171 af4256d6146870166d101feb19f78012
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/RPMS/php4-manual-4.3.8-18.i586.rpm
      7503211 18ec7903bb0517cbd9d0d3b1c892e43b
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/RPMS/php4-ming-4.3.8-18.i586.rpm
        46244 761ea75368c3e300632034e9593feeb4
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/RPMS/php4-mysql-4.3.8-18.i586.rpm
       120593 26d3c55d81666a5bf7cfd4debbc09087
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/RPMS/php4-pgsql-4.3.8-18.i586.rpm
        69588 3cdfc4eb28ed28135b5921d3f1befce5

 <Turbolinux 10 Desktop, Turbolinux 10 F..., Turbolinux Home, Turbolinux Multimedia, Turbolinux Personal>

   Source Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/SRPMS/php4-4.3.3-14.src.rpm
      4184443 bbb2c8e10c2c474b371c54e33f7ed16f

   Binary Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/php4-4.3.3-14.i586.rpm
      3405660 0f21944f06fb3f4c5bf3b2c1de3e83b7
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/php4-gd-4.3.3-14.i586.rpm
        31123 bd18f1896475a25f3625d2c1cf35ae91
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/php4-imap-4.3.3-14.i586.rpm
         9710 7c72edb0adddcfbdd7d1fed9cc43a1ea
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/php4-ldap-4.3.3-14.i586.rpm
        24092 78b07c1d826749b1146b57699788c59f
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/php4-manual-4.3.3-14.i586.rpm
       342164 3c1eb2101ae01343274479ab057c228b
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/php4-ming-4.3.3-14.i586.rpm
        30588 d32e69622b438b843a029741eb087e86
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/php4-mysql-4.3.3-14.i586.rpm
        81655 be392e2a8a803f5622c8cb412979908f
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/php4-pgsql-4.3.3-14.i586.rpm
        48123 7901055c3eab7f75c062db40ef1c1552

 <Turbolinux 8 Server>

   Source Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/SRPMS/php-4.2.3-28.src.rpm
      3601908 a076158817ce22e1c35feac3955a8559

   Binary Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/php-4.2.3-28.i586.rpm
      1633128 6ee5dbaae130a40fc7d521f121990007
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/php-gd-4.2.3-28.i586.rpm
        31804 60af8d7001890934470c3e2c0854a282
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/php-imap-4.2.3-28.i586.rpm
         9661 50b0a8c90c5c5cbc88715163b1877a65
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/php-ldap-4.2.3-28.i586.rpm
        25092 d4312a647643b0c671a260f02af02d5c
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/php-manual-4.2.3-28.i586.rpm
       342162 a7abd66e65701833674fad5a7c9097db
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/php-ming-4.2.3-28.i586.rpm
        33688 892a0d5da48e8718a99e058df2e53394
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/php-mysql-4.2.3-28.i586.rpm
        91259 143367317970a0f7b61e495a88434b30
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/php-pgsql-4.2.3-28.i586.rpm
        35885 85b820ef44cd26b5b0791ca39ae9d7cb

 <Turbolinux 8 Workstation>

   Source Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/SRPMS/php-4.2.3-28.src.rpm
      3601908 cffe95df8d862dba96464867398a616b

   Binary Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/php-4.2.3-28.i586.rpm
      1632372 8b82aeb632fe943cd6784f08718c582e
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/php-gd-4.2.3-28.i586.rpm
        31812 f0bd069bface948bae27b22410decde3
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/php-imap-4.2.3-28.i586.rpm
         9661 e607fcc0590386a4b313a91690681cbd
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/php-ldap-4.2.3-28.i586.rpm
        25118 78bd37d2da30a3b055c93a4a16410504
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/php-manual-4.2.3-28.i586.rpm
       342167 0aa974b268fa34d6cb01841404c68676
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/php-ming-4.2.3-28.i586.rpm
        33664 1d1c664c4a6f6d62bc270465494fd399
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/php-mysql-4.2.3-28.i586.rpm
        91287 43f3d35b4a887d97c43080cbde9f400f
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/php-pgsql-4.2.3-28.i586.rpm
        35921 1c97a577b38aa2f30c180134b83081c7

 <Turbolinux 7 Server>

   Source Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/SRPMS/php-4.2.3-28.src.rpm
      3601908 b9f477921d2846848ac8e79b031eb216

   Binary Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/php-4.2.3-28.i586.rpm
      1604252 4d17e8de5e7ef70f4f2a375e237954d7
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/php-imap-4.2.3-28.i586.rpm
         9664 7625aa4fa4874c6dc404204ed4001d14
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/php-ldap-4.2.3-28.i586.rpm
        24679 c145fdfb861c7b3c8ea19ad0ab5a5e01
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/php-manual-4.2.3-28.i586.rpm
       342066 33033424c932d44647fec9dbc62a5230
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/php-mysql-4.2.3-28.i586.rpm
        87052 5b1ad238a093df54ed88567fd98318d7
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/php-pgsql-4.2.3-28.i586.rpm
        35736 8684eac51b289e049508d909e3fb1697


 References:

 CVE
   [CAN-2005-3391]
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-3391

 --------------------------------------------------------------------------
 Revision History
    28 Mar 2006 Initial release
 --------------------------------------------------------------------------

 Copyright(C) 2006 Turbolinux, Inc. All rights reserved. 

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (GNU/Linux)

iD8DBQFEKR8OK0LzjOqIJMwRApoeAKCkRMZZLjbWSx3TztAVMvtp06tO8ACfaLK1
+6sy/I4sei61yG1EnxRufnc=
=Fgix
-----END PGP SIGNATURE-----




© 1998-2024 E-Soft Inc. All rights reserved.